I'm sure most everybody in the computer security world knows just how insecure fingerprint biometrics are. There are countless ways to trick or fool them, and anyone with half a brain can go about doing so.

I've heard just about every method of fooling them, but the second one thinks something like that... somebody comes up with a new way. Anybody have any fairly uncommon methods of fooling fingerprint scanners?

May 5th, 2003, 07:31 PM

MrBert

J-E-L-L-O

May 5th, 2003, 08:28 PM

imperialjustice

Too easy. most of what is published has the quality of a man saying he killed some servers because he wanted to. You have to ask yourself the real question: "Why?"Once there, move on to the heart of the matter. yes, depending on what the end result required is, your investment will change, as it only makes sense to spend 2k-25k to pick up 200k, etc,etc. So, now that we are there, the easiest and most cost effective method is still plain old scotch brand cellophane tape. It's clear, easily available(read as difficult to trace due to market saturation), and it can get the real good latents off of everything from fabric to glass. Not very reliable for rough steel , thanks to the surface grain of the metal leaving so many ridges and perforations that it becomes a nest of what most scanners see as "please clean platen, too many samples"...
Keep it simple , and it usually goes that way.
Just remember, for everything you think up to bypass security, there are 15 of us out there doing the same thing, to ensure security is effective.

:fu:

May 5th, 2003, 09:43 PM

KissCool

I heard something like 6 months ago the story of a japanese scientist who had found the way to create false fingerprints recognised as valid by those biometrics systems. He used for this a simple jelly of which ingredients were accessible to everybody in any food-shop!

I'm really not ready to use such systems. I'm not totally mad yet.

May 6th, 2003, 09:33 AM

Element_Epsilon

this might not be the best way.... or the easiest. but it usually works.

with fingerprint scanners, its usually a plate of glass. when someone presses their thumb onto it, they leave their fingerprint on the glass still.

if you clean the glass plate. then someone with access uses it. all you need is a latex glove, and a certain type of spray (i forget which) but any spray will do but it works best with a certain type. spray the glass plate. press your gloved finger onto the plate. and hey presto.

its not very subtle...but it works about 80% of the time. and yet, im sure there are other ways to cheat this type of system.... and then there will become more complex systems. eyeballs...brainwaves...blood sample..

and yet eventually all of these will be easy to break aswell.

This brings the question up. what is ahead, prevention OR crime. ** was there crime before prevention (thus the creation of prevention) or was prevention made first (which provoked crime??)

May 6th, 2003, 09:48 AM

instronics

Oh common, wake up people. This is not the macgyver show here. Are we talking about real fingerprint scanners here, or the cheap ones for your email pc. There are several criteria what a "real" fingerprint scanner looks out for, not just the print itself. Let me try to explain this a bit better here.

A finger print scanner looks for:

1 - The print, pattern itself.

2 - Body temperature.

3 - How moist the finger or thumb is.

4 - A pulse.

Then, as any other security related tool, the scanner by itself could be f00led if you kidnapped a person and made him hold his hand on the scanner. (a dead finger would not work). If there is a need for this kind of security, then be sure that there is more security involved, like guards, cameras, sound and movement detectors. You will never encounter a "real" scanner just sitting somewhere by itself like that. These jelly methods might work on a lil pc scanner that you can get at wallmart for 20$. A real scanner is very very expensive, and cannot be fooled in the ways you have mentioned.

Its like saying all you need is a firewall to protect your systems. Well its not. A firewall is just a piece of the chain to protect your systems. The same applies for a fingerprint scanner. Its just a very small piece of the chain to protect whatever it is its protecting. A real scanner looks for a finger or thumb thats alive. Every person has unique characters other than the print itself. They are all combined. I work at a security company which offers real scanners. Beleive me, they are more technical than you might think. I would recomend you goto www.howstuffworks.com and read up a bit on todays technology.

Cheers.

May 6th, 2003, 01:19 PM

Element_Epsilon

instronics is right. that is why i was inclined to believe that they were just scanners for normal comps. used with some company just for extra security. thats why my idea would work on just the basic pattern scanner.

anyhoo,

Quote:

There are countless ways to trick or fool them, and anyone with half a brain can go about doing so.

this will just be for standard (even below standard) scanners. but if your going to use those types a password would be more secure me thinks.

May 6th, 2003, 01:23 PM

black_knight

Fingerprint biometric systems are not that easy to fool

May 6th, 2003, 01:40 PM

shadow_dancer

i agree with instronics .... i made a security by using finger print a year ago for my mainframe security tools ... need lot of configuration .. i've used sql server command and it worked properly but never used it anymore coz have lot of weakness .. especially when the scanner of the machine was dirty or our finger full with oil or wetness , we must clean it first before we use it and it takes long time . so i though better use the ordinary one .. password . but that was nice .

May 6th, 2003, 04:40 PM

Plastic

Quote:

Originally posted here by KissCool I heard something like 6 months ago the story of a japanese scientist who had found the way to create false fingerprints recognised as valid by those biometrics systems. He used for this a simple jelly of which ingredients were accessible to everybody in any food-shop!

I'm really not ready to use such systems. I'm not totally mad yet.

Yea, Dr. Matsumoto was his name. I'm writing an extensive research paper on fooling fingerprint scanners, and am using his methods, as well as many others to fool scanners.

Also, I think the most effective use and/or solution to this problem would definately be multi-model system.